General
-
Target
08f2609e7f7daf0f78032f773a68b72c
-
Size
1.4MB
-
Sample
231230-a3wc8aead3
-
MD5
08f2609e7f7daf0f78032f773a68b72c
-
SHA1
f00e4c61cce15ee5f43c032d8d595aba65fbdc86
-
SHA256
0ed8f93b98f9cfff89559df9e0a8d360cab3dde1abfa2992216b4a98c5ca1253
-
SHA512
8c1ba503d2956ad0c60b11547908b81e601a3bfb2c75ae73c03718bd883ff94451b0697f915049614470d59388d161c02893ad90b48466f77fc154a20215da74
-
SSDEEP
24576:abOd/OsBgo0q4wMf/5vUQgxZGCc+b8QHsDpXgbkyh1Sl+inzQSjzVrV9ZtXCU8jt:abOsoHMXpUnxZGClb8QGryPSEY79/CUw
Static task
static1
Behavioral task
behavioral1
Sample
08f2609e7f7daf0f78032f773a68b72c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
08f2609e7f7daf0f78032f773a68b72c.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
webmonitor
niiarmah.wm01.to:443
-
config_key
4EcDHH7aWbl50LayUnuRlJWUXiKQWk0O
-
private_key
yvkn5wM8E
-
url_path
/recv5.php
Targets
-
-
Target
08f2609e7f7daf0f78032f773a68b72c
-
Size
1.4MB
-
MD5
08f2609e7f7daf0f78032f773a68b72c
-
SHA1
f00e4c61cce15ee5f43c032d8d595aba65fbdc86
-
SHA256
0ed8f93b98f9cfff89559df9e0a8d360cab3dde1abfa2992216b4a98c5ca1253
-
SHA512
8c1ba503d2956ad0c60b11547908b81e601a3bfb2c75ae73c03718bd883ff94451b0697f915049614470d59388d161c02893ad90b48466f77fc154a20215da74
-
SSDEEP
24576:abOd/OsBgo0q4wMf/5vUQgxZGCc+b8QHsDpXgbkyh1Sl+inzQSjzVrV9ZtXCU8jt:abOsoHMXpUnxZGClb8QGryPSEY79/CUw
Score10/10-
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
-
WebMonitor payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-